'Shadow Brokers' dumps list of NSA-hacked attack servers

Chinese and Russian machines listed.

The Shadow Brokers hacking group has released a fresh data dump containing what it claims is a list of servers compromised by the NSA-linked Equation Group.

In August this year, Shadow Brokers posted a sample of intrusion and exploit tools said to be purloined from the NSA. Later analysis by security experts confirmed the tools were genuine.

This time the Shadow Brokers has posted a list of servers said to have been compromised by Equation Group, used for staging attacks.

A total of 352 different servers on separate IP addresses are listed, the vast majority of which run Oracle’s Solaris operating system.

Shadow Brokers posted an incoherent political statement with its leak, commenting on the US elections, but provided little detail on the data released.

At this stage, it is unclear what the information refers to.

Shadow Brokers said “this is being equation group pitchimpair (redirector) keys, many missions into your networks is/was coming from these ip addresses [sic]” – implying the compromised servers were used as launch pads to attack other targets.

A range of unknown exploit tools, codenamed DEWDROP, INCISION, JACKLADDER, ORANGUTAN, PATCHICILLIN, RETICULUM, SIDETRACK and STOICSURGEON are referenced in the list as having been used against the servers.

The list contains different types of servers around the world, in countries that have friendly relations with the United States – including Japan, Sweden, Korea, Finland, Germany and the United Kingdom – but the list also includes servers in China and Russia.

Many of the compromised hosts are on university networks. Nine are on government networks.

File timestamps on the list suggest the servers were exploited between 2000 and 2010, with some still active, a scan using the Shodan tool shows.

Shadow Brokers is asking for money to stop the leaks. It demanded one million Bitcoin in August but didn’t specify any amount this time around.

The data dump comes after the arrest of NSA contractor Harold Martin, who is alleged to have stolen some 50TB of information over a 20 year period.

His employer, Booz Allen Hamilton, also employed Edward Snowden, who has leaked a large amount of confidential data on the covert surveillance and hacking operations by the US and its allies.